Re: authenticating through a router

From: shawn_harris@tjx.com
Date: 11/01/01


Subject: Re: authenticating through a router
To: security-basics@securityfocus.com, "k0tu (AISec)" <k0tu@hotmail.com>
From: shawn_harris@tjx.com
Date: Thu, 1 Nov 2001 15:28:25 -0500
Message-ID: <OFC795559C.20F0DE6A-ON05256AF7.00700161@tjx.com>


That's exactly what you want to do, outside of buying two devices which
would then create the tunnel (basically a firewall - bastion box). Off the
top of my head I can't think of a package, I'm sure they exist though.
You'll basically want to create an IPsec tunnel between the two devices,
then route to the hardened Linux box based on a packet's destination. I'm sure
others, or Google, could help you find a package.

Shawn Harris
PM Store Communications
TJX, Co.

"k0tu (AISec)" <k0tu@hotmail.com> on 10/31/2001 08:30:38 PM

To: security-basics@securityfocus.com
cc:

Subject: authenticating through a router

probably a pretty basic question...

i just want to gather others' suggestions for the best way to authenticate
users between 2 sites connected by a dedicated T1. All internal private
addressing is being used...

each site has their own internet access.

DHCP is being used on both internal networks. So if ACL's are used to allow
certain IP's through, we'll probably run into "lease" issues. (static
"trusted" machines is an option, i guess.)

besides having the usual ACL's on the router(s)...after they hit the router,
how could I authenticate users at the gateway, and continue on into the
remote network? Both networks are Windows 2000. (Trusting both domains could
also be an option, i guess ;) But that would be 2 domains. Can users from
one domain use the same credentials on the "dedicated" domain, if they were
added as users with the same passwords that exist on the already existing
domain?

To make a difficult long scenario short....

Is there any software I could put on a hardened Linux box, that could do
user authentication?

Any suggestions would be appreciated...thnx.

k0tu
